Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually the monkeys who make the changes that bring everything crashing down around your knees.
It’s the reconciliation of change that most organizations have the most trouble with. What was the change? When was it made? Who made it? Was it authorized?
Welcome to change management.
These are all questions that most folks struggle with. Especially that last one. In the early days of tech, it was a Wild Wild West mentality where speed was of the essence. If something needed to be done, the admins would just reach their little monkey hands into the server and do what needed to be done. To hell with the consequences.
When things worked out, the admin was the hero. When they didn’t, the admin would quietly hide behind the anonymity of being one of a thousand monkeys. Sometimes, if something broke, the hero would emerge from the smoking carcass of the server with the fix in hand. However, one of my old CTOs had a saying:
“The person who saved the ship is usually the person who started sinking it in the first place.”
Now, in many organizations, some processes exist for change management – not because they want to but because they have to. Some groups/governments/industries say they need it. PCI DSS, SOX and NERC/CIP are all examples of standards that tell you that you need to be able to detect change. Hell, I made a career selling software that allowed them to check that little box.
But what I have seen over the course of that
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Orr. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/developing-an-effective-change-management-program/